
CERT Coordination Center

CERT/CC Vulnerability Notes Database


| Published | Public | Updated | ID | CVSS | Title |
|---|---|---|---|---|---|
| 2024-03-07 | 2024-03-07 | 2024-03-18 | VU#949046 | | Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks |
| 2024-03-14 | 2024-03-14 | 2024-03-15 | VU#488902 | | CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions |
| 2022-11-01 | 2022-11-01 | 2024-03-08 | VU#794340 | | OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly |
| 2022-08-11 | 2022-08-11 | 2024-03-04 | VU#309662 | | Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass |
| 2021-01-19 | 2021-01-19 | 2024-03-04 | VU#434904 | | Dnsmasq is vulnerable to memory corruption and cache poisoning |
| 2023-12-06 | 2023-12-06 | 2024-03-04 | VU#811862 | | Image files in UEFI can be abused to modify boot behavior |
| 2024-01-16 | 2024-01-16 | 2024-03-04 | VU#132380 | | Vulnerabilities in EDK2 NetworkPkg IP stack implementation. |
| 2021-12-15 | 2021-11-29 | 2024-03-04 | VU#930724 | | Apache Log4j allows insecure JNDI lookups |
| 2023-02-28 | 2023-02-28 | 2024-03-04 | VU#782720 | | TCG TPM2.0 implementations vulnerable to memory corruption |
| 2024-01-16 | 2024-01-16 | 2024-01-31 | VU#302671 | | SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies |
| 2024-01-16 | 2024-01-16 | 2024-01-17 | VU#446598 | | GPU kernel implementations susceptible to memory leak |
| 2023-09-12 | 2023-09-12 | 2023-11-16 | VU#347067 | | Multiple BGP implementations are vulnerable to improperly formatted BGP updates |
| 2023-09-06 | 2023-09-06 | 2023-09-06 | VU#304455 | | Authentication Bypass in Tenda N300 Wireless N VDSL2 Modem Router |
| 2023-08-28 | 2023-08-28 | 2023-08-28 | VU#757109 | | Groupnotes Inc. Videostream Mac client allows for privilege escalation to root account |
| 2023-08-16 | 2023-08-16 | 2023-08-16 | VU#287122 | | Parsec Remote Desktop App is prone to a local elevation of privilege due to a logical flaw in its code integrity verification process |

Sponsored by CISA.